Beware Trading Privacy for Convenience

We pay for things with the swipe of a finger. We ask Siri how to get to a restaurant. Our friends can track exactly when we’ll show up. We can monitor our heart rates and calories burned — and compare our results with friends and strangers. We’re in the early days of a digital, mobile transformation. The benefits can seem limitless. And as a society, we are already becoming accustomed to the convenience, the connectivity, and the new insights that surface.

This democratization of technology impacts all races, incomes, cultures, and geographies. For example, the Supplemental Nutrition Assistance Program in the U.S. now distributes all its benefits — what used to be called food stamps — electronically via Electronic Benefit Transfer debit cards. These can be used like any other debit card for food purchases at grocery stores, local farmers markets, and some restaurants. Benefit recipients do not need to have a bank or deposit account. The cost savings are huge, with the federal government spending $200 million less on paperwork and administration. It’s also more convenient for beneficiaries than carrying around a stack of actual food stamps.

We also see savings and other benefits as tollbooths go away and electronic payments take charge. Just recently, San Francisco’s Golden Gate Bridge got rid of all its toll collectors. In Texas, the six toll roads around Austin have also stopped taking cash. Drivers using the TxTag can whiz through the 52 toll points and 45 ramp toll plazas, and the state will save an estimated $8.5 million each year.

The slow trade of privacy for convenience

The benefits of this digitization for consumers, companies, and governments are obvious and exciting: instant gratification, seamless experiences, cost savings, greater insight. However, the digital exhaust we leave behind while using these convenient and often free services reveals much about us. Social networks, mobile apps, self-quantification, and sensor networks are creating a massive and very public mesh network of data to be mined.

Repeated check-ins can reveal your home location. Personal information shared in public social networks is being used by hackers to crack passwords. Marketers now have rich profiles that can predict when you are more likely to order sushi during the week or whether you prefer wine over beer. The electronic tollway system and the cellular towers know where you are. Your smartphone’s location-based services mean you can never disappear.

Even worse, a global push to digital transactions means that we no longer have anonymity when we make a purchase. The rapid adoption of electronic payments may render cash obsolete in our lifetimes. The new payment methods might be more convenient, yet every transaction will be tied back to us.

Our longing for convenience means we’ve created a matrix that can and will be used against us. Most of us just don’t know it yet — although last week’s revelations about the large-scale surveillance programs the U.S. National Security Agency has been conducting in cooperation with telephone and Internet companies have raised the awareness level a bit. This digital trail isn’t covered by Fourth Amendment protections against unlawful search and seizure — law enforcement in the U.S. doesn’t need a warrant for many digital searches; a simple subpoena will do. This applies to cell-phone location data, information you store in the cloud, you name it.

The battle for digital identity

Meanwhile, social networking sites, financial service companies, smartphone manufacturers, governments, insurance companies, and telecom carriers all want customers to trust them with their identities. With that trust, they hope to secure revenue streams from identity to orchestrate payments, manage access, validate reputation, and ensure security.

This is the paradox. The companies contending to win our trust to manage our digital identities all seem to have complementary (or competing) business models that breach that trust by selling our data.

Customers must take back control of their data

Something has to give. My belief is that we won’t be able to build sustainable digital business models until we agree on some limits to how customer data can be used. A compact must be reached on the balance between privacy and convenience.

What exactly that compact will look like is anybody’s guess. But here are seven basic protections that consumers ought to demand:

Make “opt-in” the default. Sharing basic profile information, using it to create offers, or even using it to suggest a next best action should require affirmative permission. Opt-ins should also apply to user-generated information such as messages, photos, audio, and video.

Be transparent in how personal information is used. Organizations should detail what information will be shared. Users should know if their information will be sold and if so to whom.

Give advance notice of privacy changes. Organizations should provide adequate warning when new features impact a user’s privacy preferences.

Require “opt-in” for privacy changes. The default option should be to keep privacy preferences the same. The recent Electronic Privacy Information Center FTC complaint and settlement with Facebook reinforce this principle.

Prevent access to a user’s data upon account deletion. Information about a user should be locked down when an account is deleted. It should not be used in aggregate statistics or data.

Allow users to export their data. Customers should own their data and be able to take it with them as needed. Doc Searls and the Project VRM community have been advocating Personal Data Stores for quite some time. This may be the necessary requirement for social business to make it to the next level.

Give users a “hard delete” option. Users should be able to request and receive a permanent deletion of their data, with all information removed from all files.

Many would like us to believe that privacy is dead. Yet, privacy is a societal choice — it is only dead if we allow it to be. We should insist that businesses and government agencies offer choices to engage in both offline and online models. This may result in a rebalance of how much privacy we are willing to trade for convenience and lower cost. For example, we may decide that some inconveniences — such as a mandatory option to be able to conduct business in cash — are worth it. We should not resign ourselves to thinking that we cannot defend our individual freedoms. We must have an open dialog about where we will draw the line. Let’s get started before it’s too late.